﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Security.Cryptography;
using System.Text;
using System.Web.Security;

namespace SacMauVN.Admin
{
    public partial class Login : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        protected void btnLogin_Click(object sender, EventArgs e)
        {
            CheckLogin(txtUsername.Text, txtPassword.Text);
        }

        protected void CheckLogin(string Username, string Password)
        {
            string sql = "SELECT * FROM dbo.tblSMVNUser WHERE Username = @Username AND Password = @Password";
            Password = FormsAuthentication.HashPasswordForStoringInConfigFile(Password, "MD5");
            List<SqlParameter> arParams = new List<SqlParameter>();
            arParams.Add(SqlHelper.CreateParameterObject("@Username", SqlDbType.NVarChar, ParameterDirection.Input, Username));
            arParams.Add(SqlHelper.CreateParameterObject("@Password", SqlDbType.NVarChar, ParameterDirection.Input, Password));
            DataTable dt = SqlHelper.ExecuteDataTable(CommandType.Text, sql, arParams);
            if (dt.Rows.Count > 0)
            {
                Session["Username"] = Username;
                Session["UserID"] = dt.Rows[0]["ID"];
                Session["HoTen"] = dt.Rows[0]["HoTen"].ToString();
                Session["Email"] = dt.Rows[0]["Email"].ToString();
                Response.Redirect(@"Default.aspx");
            }
            else
            {
                lblFail.Visible = true;
            }
        }
    }
}
